F0Lds

**Name of the Vulnerable Software and Affected Versions** TP-LINK TL-WR849N version 0.9.1 4.16 **Description** The issue is related to the lack of authentication required to replace the firmware of TP-LINK TL-WR849N devices via a POST request to the "cgi/softup" URI. This could allow a remote attacker to impact the confidentiality and integrity of protected information. **Recommendations** For TP-LINK TL-WR849N version 0.9.1 4.16, as a temporary workaround, consider restricting access to the "cgi/softup" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelbras WRN240 devices (affected versions not specified) **Description** The issue allows replacement of the firmware without requiring authentication, via a POST request to the "incoming/Firmware.cfg" API endpoint. **Recommendations** For Intelbras WRN240 devices, as a temporary workaround, consider restricting access to the "incoming/Firmware.cfg" API endpoint until a patch is available.